Tag: Hacking

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

Two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances have been exploited to deploy KrustyLoader, a Rust-based loader that in turn retrieves and runs the open-source Sliver adversary simulation framework. The flaws, CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), can be chained on vulnerable appliances to achieve unauthenticated remote code execution. As of January 26 the vendor had published an XML mitigation file as a temporary workaround.
Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti has fixed a critical remote code execution (RCE) vulnerability in its Endpoint Manager (EPM) software that could let unauthenticated attackers take control of enrolled devices or the core server. EPM manages client devices running Windows, macOS, Chrome OS and IoT operating systems. The flaw, tracked as CVE-2023-39366, affects all supported EPM versions and is fixed in 2022 Service Update 5. It can be exploited in low-complexity attacks by an attacker with access to the internal network, without privileges or user interaction.
Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft reports that the Iranian cyber-espionage group APT33 is using a newly discovered backdoor, FalseFont, against defense contractors worldwide. "Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector," the company said. The DIB comprises more than 100,000 defense companies and subcontractors that research and develop military weapon systems, subsystems and components. The group, also tracked as Peach Sandstorm, HOLMIUM and Refined Kitten, has been active since at least 2013.
North Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

North Korean threat actors have been observed "mixing and matching" components of two distinct attack chains, using RustBucket droppers to deliver KANDYKORN, a macOS malware strain attributed to them. The findings come from SentinelOne, which also linked the RustBucket campaign to a third macOS-specific malware known as ObjCShellz. RustBucket is an activity cluster tied to the Lazarus Group in which, once the victim opens a specially crafted lure document, a backdoored version of a PDF reader app called SwiftLoader ...
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been observed using Discord to target blockchain engineers at an unnamed cryptocurrency exchange with a novel macOS malware called KANDYKORN. According to Elastic Security Labs, which analyzed the network infrastructure and techniques used, the activity dates back to April 2023 and overlaps with the Lazarus Group. "In order to obtain first access to the environment, threat actors enticed blockchain engineers with a Python application," researchers Ricardo Ungureanu, Seth Goodwin and Andrew Pease wrote in a report published today. The intrusion involved multiple complex stages, each employing deliberate ...
Citrix Bleed exploit lets hackers hijack NetScaler accounts

A proof-of-concept (PoC) exploit is now available for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, which lets attackers retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. Citrix fixed CVE-2023-4966, a critical, remotely exploitable information disclosure flaw, on October 10 but released few details. Mandiant then disclosed on October 17 that the vulnerability had been exploited as a zero-day since late August 2023. On Monday Citrix sent a follow-up warning to NetScaler ADC and Gateway administrators urging them to patch immediately.
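
A stolen session cookie is only useful to the attacker while the session it names stays valid, and patching the appliance does not by itself invalidate sessions that were already leaked. The following added example (not code from the article, from Citrix or from Mandiant) shows the two checks a responder wants after such a leak: which session cookies have been presented from more than one source address, and which sessions predate the patch and should be terminated. The record layout is a constructed simplification, not NetScaler's real log format, and the session IDs, users and addresses are made up.

```python
# Added example, not part of the original article: hunting for replayed
# NetScaler session cookies and for sessions that survived the patch.
# Record layout (timestamp, session id, user, source ip) is a constructed
# simplification; adapt the parser to the appliance's real export format.
from collections import defaultdict
from datetime import datetime

# Constructed sample of session-activity records.
SAMPLE_RECORDS = [
    ("2023-10-09T08:01:10", "sess-a1", "alice", "203.0.113.10"),
    ("2023-10-09T08:05:42", "sess-a1", "alice", "203.0.113.10"),
    ("2023-10-09T08:07:03", "sess-a1", "alice", "198.51.100.77"),  # same cookie, new source
    ("2023-10-09T09:15:00", "sess-b2", "bob",   "192.0.2.22"),
    ("2023-10-11T10:00:00", "sess-c3", "carol", "192.0.2.33"),
]


def parse(record):
    ts, sid, user, ip = record
    return datetime.fromisoformat(ts), sid, user, ip


def sessions_with_multiple_sources(records):
    """Return {session_id: sorted source IPs} for every session cookie that was
    presented from more than one address. A cookie that travels between
    addresses is the simplest indicator that it was stolen and replayed."""
    seen = defaultdict(set)
    for _, sid, _, ip in map(parse, records):
        seen[sid].add(ip)
    return {sid: sorted(ips) for sid, ips in seen.items() if len(ips) > 1}


def sessions_to_terminate(records, patch_time_iso):
    """Session cookies first seen before the patch was applied (ISO timestamp).
    Patching stops new leaks but does not revoke cookies already stolen, so
    these sessions must be killed after the upgrade."""
    patch_time = datetime.fromisoformat(patch_time_iso)
    first_seen = {}
    for ts, sid, _, _ in map(parse, records):
        first_seen[sid] = min(first_seen.get(sid, ts), ts)
    return sorted(sid for sid, ts in first_seen.items() if ts < patch_time)


if __name__ == "__main__":
    print("cookies presented from more than one address:",
          sessions_with_multiple_sources(SAMPLE_RECORDS))
    print("pre-patch sessions to terminate:",
          sessions_to_terminate(SAMPLE_RECORDS, "2023-10-10T12:00:00"))
```

The second check is the one most often skipped. On NetScaler, Citrix's own post-upgrade guidance for this bug was to terminate all active and persistent sessions (for example with `kill aaa session -all`), because a cookie leaked before the patch remains valid until the session it belongs to is gone.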
New AtlasCross hackers use American Red Cross as phishing lure

AtlasCross, a newly identified APT group, is using phishing lures impersonating the American Red Cross to target businesses and deliver backdoors. Cybersecurity firm NSFOCUS attributes two previously undocumented trojans, DangerAds and AtlasAgent, to the group. NSFOCUS describes the AtlasCross operators as skilled and evasive, which has made it difficult to determine their origin: the actor differs markedly from known attacker profiles in execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavioral tendencies and other primary attribution indicators, according to NSFOCUS Security Labs, which analyzed the attack chain in depth ...
Hackers actively exploiting Openfire flaw to encrypt servers

A high-severity vulnerability in Openfire messaging servers is being actively exploited to install cryptominers and to encrypt servers with ransomware. Openfire is a widely used, Java-based open-source XMPP chat server with about 9 million downloads, commonly deployed for private, cross-platform messaging. The flaw, CVE-2023-32315, is an authentication bypass in Openfire's administration console that lets unauthenticated attackers create new admin accounts on vulnerable servers. The attackers then use those accounts to install malicious Java plugins (JAR files) that execute commands received via HTTP GET and POST requests.
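
The two attacker actions described above, creating an admin account and uploading a plugin JAR, both go through the admin console and therefore leave HTTP requests behind. The following added example (not code from the article or from the Openfire project) triages a console access log for those actions and for the encoded dot-dot sequences typical of a path-traversal authentication bypass. The log lines are constructed, the endpoint names `user-create.jsp` and `plugin-admin.jsp` and the `%uXXXX` encoding are assumptions for illustration, and the trusted admin network is a placeholder; verify the endpoint names against your own Openfire version's console before relying on them.

```python
# Added example, not part of the original article: triage of an Openfire
# admin-console access log for admin-account creation, plugin upload and
# path-traversal sequences. Log layout and endpoint names are assumptions.
import re
from urllib.parse import unquote

# Constructed sample lines: ip [timestamp] "METHOD path" status
SAMPLE_LOG = """\
198.51.100.7 [2023-08-20T03:12:44Z] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp" 200
198.51.100.7 [2023-08-20T03:12:51Z] "POST /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp" 302
198.51.100.7 [2023-08-20T03:13:09Z] "POST /plugin-admin.jsp?uploadplugin" 200
10.0.0.5 [2023-08-20T08:00:01Z] "GET /index.jsp" 200
10.0.0.5 [2023-08-20T08:00:13Z] "GET /user-summary.jsp" 200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)
# Assumed high-value console endpoints: account creation and plugin upload.
SENSITIVE = ("/user-create.jsp", "/plugin-admin.jsp")
# Plain, percent-encoded and non-standard %u-encoded dot-dot sequences.
TRAVERSAL = re.compile(r"(\.\./|%2e%2e|%u002e%u002e)", re.IGNORECASE)


def decode_path(path):
    """Decode %XX and the non-standard %uXXXX escapes (which some servlet
    containers accept) so that an encoded traversal shows up as '..'."""
    path = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)


def triage(log_text, trusted_admin_nets=("10.",)):
    """Return one finding per suspicious request: a traversal sequence in the
    path, or a sensitive endpoint touched from outside the trusted admin
    networks (prefix match on the source address; placeholder value)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        raw = m["path"]
        decoded = decode_path(raw)
        reasons = []
        if TRAVERSAL.search(raw) or "../" in decoded:
            reasons.append("traversal")
        endpoint = decoded.split("?")[0]
        if any(endpoint.endswith(s) for s in SENSITIVE) and not m["ip"].startswith(trusted_admin_nets):
            reasons.append("sensitive-endpoint-from-untrusted-ip")
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "path": decoded, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit on the plugin-upload endpoint is worth following up on disk as well: compare the JARs in the server's plugins directory against what was deliberately installed, since the uploaded plugin is what receives the attacker's GET and POST instructions after the console session is gone.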
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

Multiple nation-state actors are exploiting vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday. According to a joint advisory from CISA, the Federal Bureau of Investigation (FBI) and the Cyber National Mission Force (CNMF), "Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network." The threat groups behind the attacks have not been publicly identified, but U.S. Cyber Command (USCYBERCOM) ...
Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

Unidentified threat actors have been observed weaponizing high-severity vulnerabilities in MinIO, a high-performance object storage system, to execute unauthorized code on vulnerable servers. Cybersecurity and incident response firm Security Joes said the attack used a publicly available exploit chain to backdoor the MinIO instance. The chain consists of CVE-2023-28432 (CVSS score: 7.5), which was added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog on April 21, 2023, and CVE-2023-28434 (CVSS score: 8.8). The two flaws "possess the potential to expose sensitive information present within the compromised installation [...]"